package com.zcl.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.zcl.dao.User;
import com.zcl.mapper.UserMapper;

public class UserPwdAuthFilter extends UsernamePasswordAuthenticationFilter{
	
	public static final String USERNAME="userName";
	public static final String PASSWORD="userPassword";
	
	@Autowired
	UserMapper userMapper;
	
	@Override
	public Authentication attemptAuthentication(HttpServletRequest request,
			HttpServletResponse response) throws AuthenticationException {
		if (!request.getMethod().equals("POST")) {  
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());  
        }  
		String userName = request.getParameter("username");
		String password = request.getParameter("password");
	    // 验证用户是否被启用  
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, password);  
        // 允许子类设置详细属性    
        setDetails(request, authRequest);  
        // 运行UserDetailsService的loadUserByUsername 再次封装Authentication   
        return this.getAuthenticationManager().authenticate(authRequest);  
		
	}
}
